Any tool under linux to parsing BPB/Bs/FAT table?

Greg Freemyer greg.freemyer at gmail.com
Mon Dec 20 10:56:20 EST 2010


On Mon, Dec 20, 2010 at 2:45 AM, loody <miloody at gmail.com> wrote:
> Dear all:
> I recently trace FS/fat and I want to know is there any utility under
> linux that can help us to easily parse BPB/BS or FAT tables?
>
> appreciate your help,
> miloody

TSK3 apparently does some FAT analysis/parsing.

See this extracted from
http://www.sleuthkit.org/sleuthkit/docs/api-docs/files.html

===
tsk3/fs/fatfs.c	Contains the internal TSK FAT file system code to
handle basic file system processing for opening file system,
processing sectors, and directory entries
tsk3/fs/fatfs_dent.c	Contains the internal TSK FAT file name processing code
tsk3/fs/fatfs_meta.c	Contains the internal TSK FAT file system code to
handle metadata structures
===

TSK3 is command line I believe.  (I've not used it.)

TSK3 is included in Sleuthkit, which is a pretty basic gui I believe
plus some wrappers.

Both TSK3 and Sleuthkit are in the more modern GUI: PTK.
http://ptk.dflabs.com/

All of the above is opensource I believe.  (I normally use commercial
software for filesystem analysis, so I have not used any of the above.
 The only commercial linux filesystem anal. tool that I know of is
"smart".  http://www.asrdata.com/forensic-software/smart-for-linux/  I
haven't tried it in years, so I can't say how good/bad it is
currently.)

Greg



More information about the Kernelnewbies mailing list